authorDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-06-09 20:20:59 +0000
committerDaniel Hartmeier <dhartmei@cvs.openbsd.org>2002-06-09 20:20:59 +0000
commit0545c7c5e14bdc166962f419da77e65fa8d72b8e (patch)
treec0002c30bb59f41e75d12d0e7483b0773035515c
parent9690aa985d8384814a46db35dc146490235b26b7 (diff)
Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it
includes ports and operator.
-rw-r--r--sbin/pfctl/parse.y34
-rw-r--r--sbin/pfctl/pfctl_parser.c16
-rw-r--r--sys/net/pf.c36
-rw-r--r--sys/net/pf_ioctl.c34
-rw-r--r--sys/net/pfvar.h12
5 files changed, 68 insertions, 64 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 7a61f18eda7..90412c15a05 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.89 2002/06/09 05:31:25 deraadt Exp $ */
+/* $OpenBSD: parse.y,v 1.90 2002/06/09 20:20:58 dhartmei Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -1194,11 +1194,11 @@ natrule : no NAT interface af proto FROM ipspec TO ipspec redirection
YYERROR;
}
nat.af = $7->af;
- memcpy(&nat.saddr, &$7->addr,
- sizeof(nat.saddr));
- memcpy(&nat.smask, &$7->mask,
- sizeof(nat.smask));
- nat.snot = $7->not;
+ memcpy(&nat.src.addr, &$7->addr,
+ sizeof(nat.src.addr));
+ memcpy(&nat.src.mask, &$7->mask,
+ sizeof(nat.src.mask));
+ nat.src.not = $7->not;
}
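Review bot: The new `nat.src.port[]` and `nat.src.port_op` members are never assigned in this hunk, and the same holds for `nat.dst` in the `if ($9 != NULL)` hunk just below; only addr, mask and not are copied from the ipspec. Whether those members end up zero depends on how `nat` is initialized earlier in this rule action, which lies outside the hunk. Since pf_compare_nats in pf.c now compares the port and port_op fields, a stale value would make otherwise identical rules compare unequal, so an explicit `nat.src.port[0] = nat.src.port[1] = 0; nat.src.port_op = 0;` (or a single memset of `nat` at the top of the action, if there is none) would make the intent visible. The natrule action starts before this hunk.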
if ($9 != NULL) {
if ($9->addr.addr_dyn != NULL) {
@@ -1214,11 +1214,11 @@ natrule : no NAT interface af proto FROM ipspec TO ipspec redirection
YYERROR;
}
nat.af = $9->af;
- memcpy(&nat.daddr, &$9->addr,
- sizeof(nat.daddr));
- memcpy(&nat.dmask, &$9->mask,
- sizeof(nat.dmask));
- nat.dnot = $9->not;
+ memcpy(&nat.dst.addr, &$9->addr,
+ sizeof(nat.dst.addr));
+ memcpy(&nat.dst.mask, &$9->mask,
+ sizeof(nat.dst.mask));
+ nat.dst.not = $9->not;
}
if (nat.no) {
@@ -1940,8 +1940,8 @@ expand_nat(struct pf_nat *n, struct node_host *src_hosts,
{
int af = n->af, added = 0;
- CHECK_ROOT(struct node_host, src_hosts)
-; CHECK_ROOT(struct node_host, dst_hosts);
+ CHECK_ROOT(struct node_host, src_hosts);
+ CHECK_ROOT(struct node_host, dst_hosts);
LOOP_THROUGH(struct node_host, src_host, src_hosts,
LOOP_THROUGH(struct node_host, dst_host, dst_hosts,
@@ -1957,10 +1957,10 @@ expand_nat(struct pf_nat *n, struct node_host *src_hosts,
else if (!n->af && dst_host->af)
n->af = dst_host->af;
- n->saddr = src_host->addr;
- n->smask = src_host->mask;
- n->daddr = dst_host->addr;
- n->dmask = dst_host->mask;
+ n->src.addr = src_host->addr;
+ n->src.mask = src_host->mask;
+ n->dst.addr = dst_host->addr;
+ n->dst.mask = dst_host->mask;
pfctl_add_nat(pf, n);
added++;
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 41fc0f8a55f..4b07d78d39e 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.83 2002/06/09 05:31:25 deraadt Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.84 2002/06/09 20:20:58 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -373,18 +373,20 @@ print_nat(struct pf_nat *n)
printf("proto %u ", n->proto);
}
printf("from ");
- if (!PF_AZERO(&n->saddr.addr, n->af) || !PF_AZERO(&n->smask, n->af)) {
- if (n->snot)
+ if (!PF_AZERO(&n->src.addr.addr, n->af) ||
+ !PF_AZERO(&n->src.mask, n->af)) {
+ if (n->src.not)
printf("! ");
- print_addr(&n->saddr, &n->smask, n->af);
+ print_addr(&n->src.addr, &n->src.mask, n->af);
printf(" ");
} else
printf("any ");
printf("to ");
- if (!PF_AZERO(&n->daddr.addr, n->af) || !PF_AZERO(&n->dmask, n->af)) {
- if (n->dnot)
+ if (!PF_AZERO(&n->dst.addr.addr, n->af) ||
+ !PF_AZERO(&n->dst.mask, n->af)) {
+ if (n->dst.not)
printf("! ");
- print_addr(&n->daddr, &n->dmask, n->af);
+ print_addr(&n->dst.addr, &n->dst.mask, n->af);
printf(" ");
} else
printf("any ");
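Review bot: print_nat now prints `src.addr`, `src.mask` and `src.not` but none of the `port[]`/`port_op` members a pf_rule_addr carries, so a nat rule that does hold a port constraint would be displayed as if it were unrestricted; the `dst` branch of this hunk has the same gap. If the grammar does not yet accept ports on nat rules this is only latent, but printer and parser should be extended together so that printed rules remain loadable. print_nat continues outside the hunk.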
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 7b4d7705905..bc40a89c46d 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.227 2002/06/09 10:55:59 pb Exp $ */
+/* $OpenBSD: pf.c,v 1.228 2002/06/09 20:20:58 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -404,18 +404,22 @@ pf_compare_nats(struct pf_nat *a, struct pf_nat *b)
{
if (a->proto != b->proto ||
a->af != b->af ||
- a->snot != b->snot ||
- a->dnot != b->dnot ||
a->ifnot != b->ifnot ||
a->no != b->no)
return (1);
- if (PF_ANEQ(&a->saddr.addr, &b->saddr.addr, a->af))
- return (1);
- if (PF_ANEQ(&a->smask, &b->smask, a->af))
- return (1);
- if (PF_ANEQ(&a->daddr.addr, &b->daddr.addr, a->af))
+ if (PF_ANEQ(&a->src.addr.addr, &b->src.addr.addr, a->af) ||
+ PF_ANEQ(&a->src.mask, &b->src.mask, a->af) ||
+ a->src.port[0] != b->src.port[0] ||
+ a->src.port[1] != b->src.port[1] ||
+ a->src.not != b->src.not ||
+ a->src.port_op != b->src.port_op)
return (1);
- if (PF_ANEQ(&a->dmask, &b->dmask, a->af))
+ if (PF_ANEQ(&a->dst.addr.addr, &b->dst.addr.addr, a->af) ||
+ PF_ANEQ(&a->dst.mask, &b->dst.mask, a->af) ||
+ a->dst.port[0] != b->dst.port[0] ||
+ a->dst.port[1] != b->dst.port[1] ||
+ a->dst.not != b->dst.not ||
+ a->dst.port_op != b->dst.port_op)
return (1);
if (PF_ANEQ(&a->raddr.addr, &b->raddr.addr, a->af))
return (1);
@@ -1429,12 +1433,14 @@ pf_get_nat(struct ifnet *ifp, u_int8_t proto, struct pf_addr *saddr,
(n->ifp != ifp && n->ifnot)) &&
(!n->proto || n->proto == proto) &&
(!n->af || n->af == af) &&
- (n->saddr.addr_dyn == NULL ||
- !n->saddr.addr_dyn->undefined) &&
- PF_MATCHA(n->snot, &n->saddr.addr, &n->smask, saddr, af) &&
- (n->daddr.addr_dyn == NULL ||
- !n->daddr.addr_dyn->undefined) &&
- PF_MATCHA(n->dnot, &n->daddr.addr, &n->dmask, daddr, af))
+ (n->src.addr.addr_dyn == NULL ||
+ !n->src.addr.addr_dyn->undefined) &&
+ PF_MATCHA(n->src.not, &n->src.addr.addr, &n->src.mask,
+ saddr, af) &&
+ (n->dst.addr.addr_dyn == NULL ||
+ !n->dst.addr.addr_dyn->undefined) &&
+ PF_MATCHA(n->dst.not, &n->dst.addr.addr, &n->dst.mask,
+ daddr, af))
nm = n;
else
n = TAILQ_NEXT(n, entries);
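Review bot: pf_get_nat still selects a rule on `src`/`dst` address, mask and `not` alone; the `port[]` and `port_op` members that the pf_compare_nats hunk above now compares play no part in matching. A nat rule carrying a port restriction would thus be treated as a distinct rule by the rule-set comparison yet applied to every port by the kernel, a silent over-match that deserves either enforcement here or an explicit comment on struct pf_nat that the port members are not consulted. Enforcing it needs more than this hunk, since the visible pf_get_nat signature receives proto and addresses but no ports. I cannot see from the hunk whether the ioctl loader rejects a non-zero port_op for nat rules, so this is hedged. The loop of pf_get_nat starts and ends outside the hunk.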
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index ba8591dd64c..49017187261 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_ioctl.c,v 1.1 2002/06/09 03:57:18 pb Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.2 2002/06/09 20:20:58 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -480,8 +480,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
struct pf_nat *nat;
while ((nat = TAILQ_FIRST(pf_nats_inactive)) != NULL) {
- pf_dynaddr_remove(&nat->saddr);
- pf_dynaddr_remove(&nat->daddr);
+ pf_dynaddr_remove(&nat->src.addr);
+ pf_dynaddr_remove(&nat->dst.addr);
pf_dynaddr_remove(&nat->raddr);
TAILQ_REMOVE(pf_nats_inactive, nat, entries);
pool_put(&pf_nat_pl, nat);
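Review bot: The three `pf_dynaddr_remove` calls followed by `pool_put(&pf_nat_pl, ...)` are repeated in this hunk and in the hunks at lines 527, 561, 652 and 683 of this file; since the rename had to touch all five sites, this is the moment to fold them into one static helper so the next member added to pf_nat cannot be missed at one site. The `TAILQ_REMOVE` that precedes the release at two of the sites would stay at the call site and run before the helper. Each site then becomes a single `pf_nat_free(nat);` (or `newnat`/`oldnat`) call.
```c
/* Release a NAT rule's dynamic addresses and return it to the pool. */
static void
pf_nat_free(struct pf_nat *nat)
{
	pf_dynaddr_remove(&nat->src.addr);
	pf_dynaddr_remove(&nat->dst.addr);
	pf_dynaddr_remove(&nat->raddr);
	pool_put(&pf_nat_pl, nat);
}
```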
@@ -527,11 +527,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
} else
nat->ifp = NULL;
- if (pf_dynaddr_setup(&nat->saddr, nat->af) ||
- pf_dynaddr_setup(&nat->daddr, nat->af) ||
+ if (pf_dynaddr_setup(&nat->src.addr, nat->af) ||
+ pf_dynaddr_setup(&nat->dst.addr, nat->af) ||
pf_dynaddr_setup(&nat->raddr, nat->af)) {
- pf_dynaddr_remove(&nat->saddr);
- pf_dynaddr_remove(&nat->daddr);
+ pf_dynaddr_remove(&nat->src.addr);
+ pf_dynaddr_remove(&nat->dst.addr);
pf_dynaddr_remove(&nat->raddr);
pool_put(&pf_nat_pl, nat);
error = EINVAL;
@@ -561,8 +561,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
/* Purge the old nat list */
while ((nat = TAILQ_FIRST(old_nats)) != NULL) {
- pf_dynaddr_remove(&nat->saddr);
- pf_dynaddr_remove(&nat->daddr);
+ pf_dynaddr_remove(&nat->src.addr);
+ pf_dynaddr_remove(&nat->dst.addr);
pf_dynaddr_remove(&nat->raddr);
TAILQ_REMOVE(old_nats, nat, entries);
pool_put(&pf_nat_pl, nat);
@@ -605,8 +605,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
break;
}
bcopy(nat, &pn->nat, sizeof(struct pf_nat));
- pf_dynaddr_copyout(&pn->nat.saddr);
- pf_dynaddr_copyout(&pn->nat.daddr);
+ pf_dynaddr_copyout(&pn->nat.src.addr);
+ pf_dynaddr_copyout(&pn->nat.dst.addr);
pf_dynaddr_copyout(&pn->nat.raddr);
splx(s);
break;
@@ -652,11 +652,11 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
} else
newnat->ifp = NULL;
- if (pf_dynaddr_setup(&newnat->saddr, newnat->af) ||
- pf_dynaddr_setup(&newnat->daddr, newnat->af) ||
+ if (pf_dynaddr_setup(&newnat->src.addr, newnat->af) ||
+ pf_dynaddr_setup(&newnat->dst.addr, newnat->af) ||
pf_dynaddr_setup(&newnat->raddr, newnat->af)) {
- pf_dynaddr_remove(&newnat->saddr);
- pf_dynaddr_remove(&newnat->daddr);
+ pf_dynaddr_remove(&newnat->src.addr);
+ pf_dynaddr_remove(&newnat->dst.addr);
pf_dynaddr_remove(&newnat->raddr);
pool_put(&pf_nat_pl, newnat);
error = EINVAL;
@@ -683,8 +683,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
}
if (pcn->action == PF_CHANGE_REMOVE) {
- pf_dynaddr_remove(&oldnat->saddr);
- pf_dynaddr_remove(&oldnat->daddr);
+ pf_dynaddr_remove(&oldnat->src.addr);
+ pf_dynaddr_remove(&oldnat->dst.addr);
pf_dynaddr_remove(&oldnat->raddr);
TAILQ_REMOVE(pf_nats_active, oldnat, entries);
pool_put(&pf_nat_pl, oldnat);
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 0741f8f4ac0..39abee4967c 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.81 2002/06/09 08:53:08 pb Exp $ */
+/* $OpenBSD: pfvar.h,v 1.82 2002/06/09 20:20:58 dhartmei Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -328,18 +328,14 @@ struct pf_tree_node {
struct pf_nat {
+ struct pf_rule_addr src;
+ struct pf_rule_addr dst;
+ struct pf_addr_wrap raddr;
char ifname[IFNAMSIZ];
struct ifnet *ifp;
TAILQ_ENTRY(pf_nat) entries;
- struct pf_addr_wrap saddr;
- struct pf_addr_wrap daddr;
- struct pf_addr_wrap raddr;
- struct pf_addr smask;
- struct pf_addr dmask;
u_int8_t af;
u_int8_t proto;
- u_int8_t snot;
- u_int8_t dnot;
u_int8_t ifnot;
u_int8_t no;
};
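Review bot: struct pf_nat is copied whole between userland and the kernel (the `bcopy(nat, &pn->nat, sizeof(struct pf_nat))` in the pf_ioctl.c hunk), so moving `raddr` and replacing saddr/daddr/smask/dmask/snot/dnot with two pf_rule_addr members changes the size and field offsets of a shared structure; pfctl and the kernel must be rebuilt together, which the commit message could state. The new members also deserve a one-line comment each, e.g. `struct pf_rule_addr src;	/* packet source: addr, mask, port[], port_op, not */` and the same for `dst`, since the kernel-side hunks show exactly those fields being read. Whether the kernel currently honours the port members of src/dst is not visible here, so the comment should not promise that it does.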